1 files changed, 176 insertions, 0 deletions
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
new file mode 100644
index 000000000..52a9c33cd
--- /dev/null
+++ b/src/firemon/interface.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com)
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "firemon.h"
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <netdb.h>
+#include <arpa/inet.h>
+#include <ifaddrs.h>
+#include <net/if.h>
+#include <linux/connector.h>
+#include <linux/netlink.h>
+#include <linux/if_link.h>
+#include <linux/sockios.h>
+#include <sys/ioctl.h>
+//#include <net/route.h>
+//#include <linux/if_bridge.h>
+// print IP addresses for all interfaces
+static void net_ifprint(void) {
+        uint32_t ip;
+        uint32_t mask;
+        struct ifaddrs *ifaddr, *ifa;
+        int fd;
+        if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+                fprintf(stderr, "Error: cannot open AF_INET socket\n");
+                exit(1);
+        }
+        if (getifaddrs(&ifaddr) == -1)
+                errExit("getifaddrs");
+        // walk through the linked list
+        printf("  Link status:\n");
+        for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
+                if (ifa->ifa_addr == NULL)
+                        continue;
+                if (ifa->ifa_addr->sa_family == AF_PACKET) {
+                        if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) {
+                                if (ifa->ifa_data != NULL) {
+                                        struct rtnl_link_stats *stats = ifa->ifa_data;
+                                        // extract mac address
+                                        struct ifreq ifr;
+                                        memset(&ifr, 0, sizeof(ifr));
+                                        strncpy(ifr.ifr_name,  ifa->ifa_name, IFNAMSIZ);
+                                        int rv = ioctl (fd, SIOCGIFHWADDR, &ifr);
+                                        
+                                        if (rv == 0)
+                                                printf("     %s UP, %02x:%02x:%02x:%02x:%02x:%02x\n",
+                                                        ifa->ifa_name, PRINT_MAC((unsigned char *) &ifr.ifr_hwaddr.sa_data));
+                                        else
+                                                printf("     %s UP\n", ifa->ifa_name);
+                                        
+                                        printf("          tx/rx: %u/%u packets,  %u/%u bytes\n",
+                                                stats->tx_packets, stats->rx_packets,
+                                                stats->tx_bytes, stats->rx_bytes);
+                                }
+                        }
+                        else
+                                printf("     %s DOWN\n", ifa->ifa_name);
+                }                       
+        }
+        // walk through the linked list
+        printf("  IPv4 status:\n");
+        for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
+                if (ifa->ifa_addr == NULL)
+                        continue;
+                if (ifa->ifa_addr->sa_family == AF_INET) {
+                        struct sockaddr_in *si = (struct sockaddr_in *) ifa->ifa_netmask;
+                        mask = ntohl(si->sin_addr.s_addr);
+                        si = (struct sockaddr_in *) ifa->ifa_addr;
+                        ip = ntohl(si->sin_addr.s_addr);
+                        char *status;
+                        if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP)
+                                status = "UP";
+                        else
+                                status = "DOWN";
+                        printf("     %s %s, %d.%d.%d.%d/%u\n",
+                                ifa->ifa_name, status, PRINT_IP(ip), mask2bits(mask));
+                }
+        }
+        // walk through the linked list
+        printf("  IPv6 status:\n");
+        for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
+                if (ifa->ifa_addr == NULL)
+                        continue;
+                if (ifa->ifa_addr->sa_family == AF_INET6) {
+                        char host[NI_MAXHOST];
+                        int s = getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_in6),
+                                host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
+                        if (s == 0) {
+                                char *ptr;
+                                if ((ptr = strchr(host, '%')) != NULL)
+                                        *ptr = '\0';
+                                char *status;
+                                if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP)
+                                        status = "UP";
+                                else
+                                        status = "DOWN";
+                                printf("     %s %s, %s\n", ifa->ifa_name, status, host);
+                        }
+                }
+        }
+        freeifaddrs(ifaddr);
+        close(fd);
+}
+static void print_sandbox(pid_t pid) {
+        pid_t child = fork();
+        if (child == -1)
+                return;
+        
+        if (child == 0) {
+                int rv = join_namespace(pid, "net");
+                if (rv)
+                        return;
+                net_ifprint();
+                printf("\n");
+                exit(0);
+        }
+        
+        // wait for the child to finish
+        waitpid(child, NULL, 0);
+}
+void interface(pid_t pid) {
+        if (getuid() != 0) {
+                fprintf(stderr, "Error: you need to be root to run this command\n");
+                exit(1);
+        }
+        
+        pid_read(pid); // a pid of 0 will include all processes
+        
+        // print processes
+        int i;
+        for (i = 0; i < max_pids; i++) {
+                if (pids[i].level == 1) {
+                        pid_print_list(i, 0);
+                        int child = find_child(i);
+                        if (child != -1) {
+                                print_sandbox(child);
+                        }
+                }
+        }
+}

diff --git a/src/firemon/interface.c b/src/firemon/interface.c new file mode 100644 index 000000000..52a9c33cd --- /dev/null +++ b/src/firemon/interface.c
@@ -0,0 +1,176 @@
	1	/*
	2	* Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com)
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20	#include "firemon.h"
	21	#include <sys/types.h>
	22	#include <sys/wait.h>
	23	#include <netdb.h>
	24	#include <arpa/inet.h>
	25	#include <ifaddrs.h>
	26	#include <net/if.h>
	27	#include <linux/connector.h>
	28	#include <linux/netlink.h>
	29	#include <linux/if_link.h>
	30	#include <linux/sockios.h>
	31	#include <sys/ioctl.h>
	32
	33	//#include <net/route.h>
	34	//#include <linux/if_bridge.h>
	35
	36	// print IP addresses for all interfaces
	37	static void net_ifprint(void) {
	38	uint32_t ip;
	39	uint32_t mask;
	40	struct ifaddrs ifaddr, ifa;
	41
	42	int fd;
	43	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
	44	fprintf(stderr, "Error: cannot open AF_INET socket\n");
	45	exit(1);
	46	}
	47
	48	if (getifaddrs(&ifaddr) == -1)
	49	errExit("getifaddrs");
	50
	51	// walk through the linked list
	52	printf(" Link status:\n");
	53	for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
	54	if (ifa->ifa_addr == NULL)
	55	continue;
	56
	57	if (ifa->ifa_addr->sa_family == AF_PACKET) {
	58	if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) {
	59	if (ifa->ifa_data != NULL) {
	60	struct rtnl_link_stats *stats = ifa->ifa_data;
	61
	62	// extract mac address
	63	struct ifreq ifr;
	64	memset(&ifr, 0, sizeof(ifr));
	65	strncpy(ifr.ifr_name, ifa->ifa_name, IFNAMSIZ);
	66	int rv = ioctl (fd, SIOCGIFHWADDR, &ifr);
	67
	68	if (rv == 0)
	69	printf(" %s UP, %02x:%02x:%02x:%02x:%02x:%02x\n",
	70	ifa->ifa_name, PRINT_MAC((unsigned char *) &ifr.ifr_hwaddr.sa_data));
	71	else
	72	printf(" %s UP\n", ifa->ifa_name);
	73
	74	printf(" tx/rx: %u/%u packets, %u/%u bytes\n",
	75	stats->tx_packets, stats->rx_packets,
	76	stats->tx_bytes, stats->rx_bytes);
	77	}
	78	}
	79	else
	80	printf(" %s DOWN\n", ifa->ifa_name);
	81	}
	82	}
	83
	84
	85	// walk through the linked list
	86	printf(" IPv4 status:\n");
	87	for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
	88	if (ifa->ifa_addr == NULL)
	89	continue;
	90
	91	if (ifa->ifa_addr->sa_family == AF_INET) {
	92	struct sockaddr_in si = (struct sockaddr_in ) ifa->ifa_netmask;
	93	mask = ntohl(si->sin_addr.s_addr);
	94	si = (struct sockaddr_in *) ifa->ifa_addr;
	95	ip = ntohl(si->sin_addr.s_addr);
	96
	97	char *status;
	98	if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP)
	99	status = "UP";
	100	else
	101	status = "DOWN";
	102
	103	printf(" %s %s, %d.%d.%d.%d/%u\n",
	104	ifa->ifa_name, status, PRINT_IP(ip), mask2bits(mask));
	105	}
	106	}
	107
	108
	109	// walk through the linked list
	110	printf(" IPv6 status:\n");
	111	for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
	112	if (ifa->ifa_addr == NULL)
	113	continue;
	114
	115	if (ifa->ifa_addr->sa_family == AF_INET6) {
	116	char host[NI_MAXHOST];
	117	int s = getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_in6),
	118	host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
	119	if (s == 0) {
	120	char *ptr;
	121	if ((ptr = strchr(host, '%')) != NULL)
	122	*ptr = '\0';
	123	char *status;
	124	if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP)
	125	status = "UP";
	126	else
	127	status = "DOWN";
	128
	129	printf(" %s %s, %s\n", ifa->ifa_name, status, host);
	130	}
	131	}
	132	}
	133
	134	freeifaddrs(ifaddr);
	135	close(fd);
	136	}
	137
	138	static void print_sandbox(pid_t pid) {
	139	pid_t child = fork();
	140	if (child == -1)
	141	return;
	142
	143	if (child == 0) {
	144	int rv = join_namespace(pid, "net");
	145	if (rv)
	146	return;
	147	net_ifprint();
	148	printf("\n");
	149	exit(0);
	150	}
	151
	152	// wait for the child to finish
	153	waitpid(child, NULL, 0);
	154	}
	155
	156	void interface(pid_t pid) {
	157	if (getuid() != 0) {
	158	fprintf(stderr, "Error: you need to be root to run this command\n");
	159	exit(1);
	160	}
	161
	162	pid_read(pid); // a pid of 0 will include all processes
	163
	164	// print processes
	165	int i;
	166	for (i = 0; i < max_pids; i++) {
	167	if (pids[i].level == 1) {
	168	pid_print_list(i, 0);
	169	int child = find_child(i);
	170	if (child != -1) {
	171	print_sandbox(child);
	172	}
	173	}
	174	}
	175	}
	176